Red Hat Inc. has worked continuously to ensure that its security settings and approaches remain practical and up-to-date, from core application file systems to containerization.
The company is at the forefront of automated deployment and containerized application security through its Red Hat Advanced Cluster Security solution, according to Kirsten Newcomer (pictured, left), director of cloud strategy and DevSecOps at Red Hat.
“So a native Kubernetes security solution with the ability to help move security to the left for developers integrating into the supply chain,” Newcomer said. “This also provides a SecOps perspective for operations and the security team and feeds the information between the two in one closed infinite loop.”
Newcomer and Jim Mercer (pictured, right), research director for DevOps and DevSecOps at IDC, spoke with theCUBE industry analysts Dave Vellante and Paul Gillin at Red Hat Summit during an exclusive broadcast on theCUBE, SiliconANGLE Media’s live streaming studio. They discussed the technology acquisitions Red Hat has made to strengthen its security stack for developers and customers. (*Disclosure below.)
Filling the DevSecOps Void
Strategic acquisitions are at the heart of many successful business strategies, including in enterprise technology, where companies use them to fill technical gaps. For Red Hat, one such acquisition was StackRox, which the company renamed Red Hat Advanced Cluster Security.
With a demonstrable track record of tooling that can stop escapes from application containers into the file systems beneath them, Red Hat is extending its shift-left security approach. Deploying it should let organizations catch vulnerabilities and security holes at the earliest stage of development, according to Newcomer.
“In fact, even in the IDE, Red Hat CodeReady Dependency Analytics is there so that developers can be part of the solution and don’t have to wait and have their apps blocked just before they are ready to deploy,” Newcomer explained.
The Interaction Between Software Supply Chains and Open Source
IDC is a global market intelligence company that tracks IT trends, such as security attacks, signals from the developer community, and the prevalence of open source software. Many of the applications being developed consist largely of code from elsewhere, which presents its own set of security realities, according to Mercer.
“So I don’t just have innovation from my developers, but I can expand on that. I can bring innovation to the community and bring it and do things much faster,” he added.
Because circumstances such as the ongoing pandemic have forced organizations to innovate and transform rapidly, they have turned to open source to accelerate the process. A software “bill of materials” is therefore an accounting of the various components that have gone into a piece of software, according to Mercer.
“The wicked realize now that we all absorb a lot of open-source code and they say, ‘Geez, this is a great way to get me started with apps.’ If they can infiltrate this open source component, it opens the doors to thousands of applications or more. So it’s a fast path to the supply chain,” Mercer explained.
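To make the SBOM point concrete, here is an added example (not code from Red Hat, IDC, or the interview) of what an "accounting of components" lets a defender do: parse a CycloneDX-style SBOM and cross-reference each component against an advisory list to find the open source dependencies that need upgrading. The SBOM contents, package names, and advisory identifiers are all constructed placeholders, and the version comparison assumes simple dotted numeric versions.

```python
import json

# Constructed sample SBOM in the CycloneDX JSON shape. Component names,
# versions and purls are illustrative, not taken from any real project.
SAMPLE_SBOM = json.dumps({
    "bomFormat": "CycloneDX",
    "specVersion": "1.4",
    "components": [
        {"type": "library", "name": "example-logger", "version": "2.14.0",
         "purl": "pkg:maven/org.example/example-logger@2.14.0"},
        {"type": "library", "name": "example-http", "version": "4.5.13",
         "purl": "pkg:maven/org.example/example-http@4.5.13"},
        {"type": "library", "name": "example-json", "version": "1.2.3",
         "purl": "pkg:npm/example-json@1.2.3"},
    ],
})

# Constructed advisory feed: package name, first fixed version, identifier.
# The identifiers are placeholders, not real CVE numbers.
SAMPLE_ADVISORIES = [
    {"name": "example-logger", "fixed_in": "2.15.0", "id": "ADV-PLACEHOLDER-001"},
    {"name": "example-json", "fixed_in": "1.2.0", "id": "ADV-PLACEHOLDER-002"},
]


def parse_version(version):
    """Turn '2.14.0' into (2, 14, 0) so versions compare as tuples.
    Assumes dotted numeric versions; a segment with no digits sorts as 0."""
    parts = []
    for segment in version.split("."):
        digits = "".join(ch for ch in segment if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def parse_sbom(sbom_json):
    """Return a list of {name, version, purl} dicts from a CycloneDX JSON SBOM."""
    doc = json.loads(sbom_json)
    if doc.get("bomFormat") != "CycloneDX":
        raise ValueError("unsupported SBOM format")
    return [
        {"name": c["name"], "version": c["version"], "purl": c.get("purl", "")}
        for c in doc.get("components", [])
        if "name" in c and "version" in c
    ]


def find_affected(components, advisories):
    """Cross-reference SBOM components with advisories.
    A component is affected when its version is older than the fixed version."""
    affected = []
    for comp in components:
        for adv in advisories:
            same_package = comp["name"] == adv["name"]
            too_old = parse_version(comp["version"]) < parse_version(adv["fixed_in"])
            if same_package and too_old:
                affected.append({
                    "purl": comp["purl"],
                    "advisory": adv["id"],
                    "fixed_in": adv["fixed_in"],
                })
    return affected


if __name__ == "__main__":
    components = parse_sbom(SAMPLE_SBOM)
    for hit in find_affected(components, SAMPLE_ADVISORIES):
        print(f"{hit['purl']}: {hit['advisory']} (fixed in {hit['fixed_in']})")
```

Run against the constructed data, only the logger component is flagged: the JSON library is already past its fixed version, and the HTTP client has no matching advisory. A real pipeline would pull the SBOM from the build and the advisory list from a vulnerability feed, but the matching step is exactly this lookup, which is why having the bill of materials matters.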
Here’s the full video interview, part of SiliconANGLE and theCUBE’s coverage of the Red Hat Summit event:
(* Disclosure: theCUBE is a paid media partner of Red Hat Summit. Neither Red Hat Inc., the sponsor of theCUBE’s event coverage, nor other sponsors have editorial control over the content of theCUBE or SiliconANGLE.)